On 1/22/12 12:35 PM, Tarek Ziadé wrote:
Missed the reply all
---------- Forwarded message ----------
From: "Tarek Ziadé" <ziade.ta...@gmail.com>
Date: Jan 22, 2012 9:35 AM
Subject: Re: [Catalog-sig] New pythonpackages.com service coming soon
To: "Alex Clark" <acl...@aclark.net>
The only concern I have is security. If someone breaks your server it can
create havoc for those packages on PyPI.
To address this, I'll most likely move the site to heroku where it will
run on lxc-contained [1], ephemeral instances with configuration stored
in the environment only [2].
Maybe there's a way to make
this more secure, like making session based authorization? Or that's
what you planned maybe?
I'm not sure what you mean, but I'm certainly planning lots of things
for the future, assuming things go well. WRT to sessions the app
currently uses Pyramid's auth_tkt policy, which configures a session for
anyone that authorizes the app on github.com.
Otherwise cool idea
Thanks
Alex
[1] http://lxc.sourceforge.net/
[2] http://devcenter.heroku.com/articles/config-vars#an_example
Cheers
Tarek
On Jan 22, 2012 9:04 AM, "Alex Clark" <acl...@aclark.net> wrote:
Folks,
I have created a new service aimed at making it easier to release
Python packages to PyPI. The primary user is currently: me. And to
date, I have only released a single package with it: Pillow (well,
in fact I really only tested a portion of the release process with
Pillow).
It works like this:
- I have created a "user" `pythonpackages` on PyPI
- I have uploaded an ssh key [1].
- I have added `pythonpackages` as a maintainer of `Pillow`.
- You can imagine the rest (and if you can't, it's a secret for now.)
Now, I read the TOS very carefully before creating the
`pythonpackages` "user". And there was nothing in it to indicate
this action is anything other than "fair use". But I want to bring
it to the attention of the PyPI maintainers now, in the event the
service becomes popular later (I know at least I am planning to use
it quite a bit. And we have ~70 beta users signed up to begin testing.)
The bottom line is: there is now a "user" on the PyPI called
`pythonpackages` that is in fact not a user, but a website
(pythonpackages.com). By adding the
"user" `pythonpackages` as a Maintainer to your package, you will be
able to use the pythonpackages.com
service to automate your release process in some exciting capacity,
to be revealed soon. This is just one aspect of the service I am
building, but it is an important milestone that I wanted to share
(for obvious reasons).
I welcome any comments/questions/concerns. It is my sincere hope
that at the most, I am not offending anyone with my actions and at
the least, I am not violating any terms or conditions that I don't
know about.
Sincerely,
Alex Clark
[1] I am using pypissh, http://pythonpackages.com/info/pypissh
(many thanks to Martin von Löwis for this).
--
Alex Clark · http://pythonpackages.com
_________________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
--
Alex Clark · http://pythonpackages.com